CVE-2024-6128
Published: 18 June 2024
Summary
CVE-2024-6128 is a medium-severity Improper Enforcement of Behavioral Workflow (CWE-841) vulnerability in Spa-Cart Spa-Cartcms. Its CVSS base score is 6.9 (Medium).
Operationally, ranked at the 33.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-47275
Vulnerability details
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to…
more
enforcement of behavioral workflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268895.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.